Cryptocurrency-Mining Malware Is Threatening WordPress Websites

February 25, 2018


With the arrival of new technologies, there is an increasing number of speculators trying to turn the benefits of these technologies to their own advantage. This also holds for cryptocurrencies. Apart from the common hacker attacks on bitcoin wallets and crypto exchanges, ordinary website visitors are becoming victims of attacks too. They often don’t even realize that they are unwillingly participating in the mining of Bitcoin, Monero (or any other cryptocurrency) for the benefit of someone else.

This is possible thanks to cryptocurrency-mining malware that an attacker injects into the website.

How the visitor becomes a zombie miner

Cryptocurrency mining uses the computing power of computer hardware (especially processors and graphics cards) to mine so-called blocks of a particular cryptocurrency. As the mining process is very demanding in terms of performance and electricity consumption, cyber criminals invented a way to shift a substantial part of the performance requirements and costs onto the shoulders of unsuspecting victims.

By shifting the computing power needed for mining onto a large number of people, the criminals significantly reduce their costs and increase their personal profit from the mining.

As soon as the mining JavaScript is incorporated into the website, the visitor lends their own computing capacity to cryptocurrency mining immediately after the page loads. The hidden theft of performance then continues for the entire duration of the website visit.

Caution: cryptocurrency mining as such is not an illegal activity. There are official mining scripts, like CoinHive, which anyone can use to mine cryptocurrency (for their own benefit). What is illegal is modifying such harmless scripts and injecting them into someone else’s website, with the aim of profiting from its high traffic and using its visitors for mining.

And how to detect mining malware?

By noticing significant CPU/GPU usage and the subsequent slowdown or freezing of applications. But if the malware is coded so that it doesn’t use too much of the performance (so that it is not that obvious), victims don’t even notice that they are affected and are participating in cryptocurrency mining.

Where can the malware infiltrate? What other network-connected devices are threatened by mining software? You can read more in this article: The Impact of Cryptocurrency-Mining Malware.

Why are WordPress websites vulnerable to misuse?

WordPress is an open-source platform that uses many add-ons, widgets and third-party plugins to enhance its functionality. Installing little-known add-ons can lead to the website being infiltrated by malicious code, including mining malware. As we already mentioned, such malware can be well hidden, so often even the website owners aren’t aware that their website was hacked. Usually the visitors notice it earlier than the owners do.

Free WordPress templates can also be problematic, especially if they don’t come from reliable sources (like WordPress.org). The risk is that the malicious code can already be bundled into the template itself. Ultimately what this means is that it is quite hard to find a solution for bitcoin mining malware removal.
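Because a well-hidden miner may never show up as obvious CPU load, a site owner can also inspect the HTML their site actually serves. The following is an added example, not code from the original article: the names `find_miner_scripts`, `host_matches` and `ScriptCollector` are hypothetical, the indicator list covers only CoinHive (the one miner named above), and the sample page is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: illustrative indicators only; CoinHive is the one miner the article names.
MINER_HOSTS = {"coinhive.com"}
MINER_API = re.compile(r"\bCoinHive\s*\.\s*(Anonymous|User)\b", re.IGNORECASE)

# Constructed sample page (not captured from a real site).
SAMPLE_PAGE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="//CoinHive.com/lib/coinhive.min.js"></script>
<script>new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER').start();</script>
<script src="https://notcoinhive.com.example/app.js"></script>
</head><body>Hello</body></html>"""

class ScriptCollector(HTMLParser):  # collects [line, src, inline body] per <script>
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = [self.getpos()[0], dict(attrs).get("src"), ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[2] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._open is not None:
            self.scripts.append(self._open)
            self._open = None

def host_matches(src):
    # urlparse treats protocol-relative "//host/path" URLs as having a host.
    host = (urlparse(src).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in MINER_HOSTS)

def find_miner_scripts(html):
    collector = ScriptCollector()
    collector.feed(html)
    findings = []  # (line, reason, evidence) tuples
    for line, src, body in collector.scripts:
        if src and host_matches(src):
            findings.append((line, "external miner library", src))
        if MINER_API.search(body):
            findings.append((line, "inline miner start-up code", body.strip()[:60]))
    return findings
```

Run it against the saved output of your own pages; a clean result only means none of the listed indicators matched, since a modified or obfuscated script can avoid these strings.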

Quick guide: how to protect your WordPress website against crypto mining malware

1. Choose a Premium WordPress theme
As you need to be extremely cautious when choosing a free WordPress theme, the safest option is to install one of the Premium templates. These themes must meet the highest security standards. It’s true that even a Premium theme cannot guarantee that crypto mining malware will never infect the website, but at least you can be sure that the theme source code is absolutely OK after a fresh download of the theme. No hidden traps.

2. Think twice about which third-party plugins to download
Plugins are a natural part of WordPress templates, and almost no theme can provide all the needed features without any plugins. Today, however, plugins are developed by many developers; they can be of varying quality and can provide different levels of security. Malicious code can either be built directly into a plugin, or, due to a low level of security, the plugin can be used to infiltrate the website later on.

Furthermore, another risk relates to the theme author. If the author is a single developer, he/she can stop working on the plugin updates at any time. An out-of-date plugin is then a time bomb for the website.

3. Perform regular updates of your WordPress theme
Regular updates can secure your theme against malware (this is one of the best forms of WordPress malware protection). Updates prevent a whole range of security issues, as they respond to the latest cyber threats and fix potential security holes.

More detailed info on the need to update templates: Why should I update WordPress theme? Is it really necessary?

4. Do not click on suspicious attachments
The threat of malware or ransomware is often hidden in unsolicited emails and dubious attachments. It is therefore better not to open such messages and to delete them immediately.

5. Check the network usage
One of the fastest ways to detect that the website has been attacked by cryptomining malware is to check the CPU usage. If the CPU load is too high and there is no program or application running in the background that could legitimately cause such high CPU usage (e.g. photo/video editing software, graphics rendering software etc.), it is very likely that the computer has been infected.

Excess CPU usage doesn’t necessarily have to be caused by mining malware; it can be any other malware or ransomware.

Is cryptocurrency mining malware such a big threat?

For all owners of websites built using WordPress themes, it should be a priority to protect their pages against unwanted mining malware (and of course against all potential security issues).

It’s not just that the malware steals part of the computing power of the web visitors. It is unacceptable to expose users to such practices, because they become victims of cyber criminal parasites. Users can’t use the full power of their computers, and processors are overloaded due to cryptocurrency mining, which can even lead to hardware damage in some extreme cases.

As soon as a customer finds out that by visiting your website he became a zombie miner, he will leave the website for good. And you will lose many valuable customers.

Although we encounter more and more malicious JavaScript, it is possible to fight against bitcoin mining malware. It’s enough to follow a couple of basic recommendations: avoid unverified free WordPress templates and unverified third-party plugins, ignore unsolicited emails with attachments, check CPU and GPU usage and, especially, regularly update your website.

Because every website will become vulnerable to many security threats without updates.